Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Oh, the Irony! Chrome is Blocking Security Tool Nmap Downloads Considering it a Security Threat

    Nmap is a popular open-source tool created by Gordon Lyon used by security experts and network admins to analyze the network, find exploits, and keep it secure.

    However, it seems that for a day at least, Google Chrome blocked all Nmap downloads using its Safe Browsing service by labelling it as a threat.

    Even though this has been fixed quickly. For many visitors trying to download the tool, this must have been confusing. A software that’s more than a decade old is now suddenly considered as a threat?

  • Logging as a service isn't SIEM -- so what is it?

    Log management software is often confused or conflated with security information event management (SIEM) software. Both monitor and analyze system and application data, so vendors often blur the lines between the two categories, with many SIEM products including a log management module. Conversely, some log management vendors also have SIEM offerings that work with or supplement their logging products.

    The primary distinction between log management and SIEM is focus. SIEM tools prioritize data and metrics relevant to security, not the totality of an environment's system, user and application log output. Log management software and services provide a scalable, holistic platform to collect, manage, archive and analyze all of an IT environment's log output -- on premises and in the cloud.

  • Laptops given to British schools came preloaded with malware and talked to Russia when booted [iophk: Windows TCO]

    These devices have shipped over the past three to four weeks, though it is unclear how many of them are infected. One source at a school told The Register that the machines in question seemed to have been manufactured in late 2019 and appeared to have had their DfE-specified software installed last year.

  • Democrats seek answers on impact of Russian cyberattack on Justice Department, Courts [iophk: Windows TCO]

    The senators’ concerns come weeks after both the Justice Department and the U.S. Courts reported that they had been among the federal agencies compromised by the Russian attack on SolarWinds, which was uncovered in December but had been ongoing for more than a year.

    In a statement earlier this month, a DOJ spokesperson said around 3 percent of the agency’s employee email accounts had been “potentially accessed” as part of the breach, but that there was “no indication that any classified systems were accessed.” DOJ has more than 100,000 employees.

    The federal judiciary confirmed it was breached the same week as DOJ, noting in a statement that the AO’s Case Management/Electronic Files system had suffered an “apparent compromise,” with new procedures immediately put in place to file sensitive court documents.

  • Biden inherited one of the worst [cracks] in history. How will his administration respond?

    But that's the easy part. The SolarWinds [attack] — named for the Texas software company that Russia [cracked] in order to gain access to tens of thousands of its customers, many of them American businesses and federal agencies — ran undetected for at least nine months, siphoning off private information before it was discovered in December.

    At least five federal agencies have admitted they were affected. Several others have so far refused to comment. Few private companies have admitted to being victims, but experts say the working assumption is the number is in the hundreds.

    That's left cybersecurity experts with the labor-intensive task of combing through sensitive networks.

More in Tux Machines

Small Image Tools that Pack a Real Punch

The spotlight usually focuses on the heavyweight Linux graphics tools such as GIMP, Shotwell, digiKam, Inkscape, and Krita. However, there are many other open source graphics tools that merit attention. Linux offers a vast collection of open source small utilities that perform functions ranging from the obvious to the bizarre. It is the quality and selection of these tools that help Linux stand out as a productive environment. A good utility cooperates with other applications, integrating seamlessly. Although command-line tools are very useful for updating, configuring, and repairing a system, their benefits are not only confined to system administration. The majority of the applications featured in this article are command-line tools. They are very light on system resources, fast and efficient, don’t rely on a windowing system, and are great for integrating with other applications and scripting. The term lightweight is a label attached to computer software which is relatively simpler or faster than its counterparts. Feature bloat is endemic in software especially commercial software. Often, the easiest way to persuade users to upgrade to the latest version is to add new spangly features. This happens with open source software (to a lesser degree), and open source graphics software is not immune to feature bloat. Well, there is no feature bloat here! To provide an insight into the quality of software that is available, we have compiled a list of small image tools that are incredibly useful. Read more

Debian: Rejections, LTS Work, and Bugfixes

  • Thorsten Alteholz: My Debian Activities in February 2021

    FTP master This month I accepted 162 and rejected 28 packages, which is again a small increase compared to last month. The overall number of packages that got accepted was 291. Debian LTS This was my eightieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

  • RCBW 21.9 – jwiltshire.org.uk

    A recent upload of electrum suffers from the serious bug #981374. On the face of it this is just a missing package dependency: can you help with testing and preparing an updated package to fix this? You don’t need to be a Debian Developer to get stuck into this one!

Videos and Shows: KDE Community Edition PinePhone and This Week in Linux

  • KDE Community Edition PinePhone Unboxing and First Try! - YouTube

    In this video I'm "unboxing" (or, rather, showing the box and its contents) of the pinephone, and trying it for my first time!

  • This Week in Linux 141: GRUB 2 Security Flaw, Linux Mint to Force Updates?, Valve’s Steam Link

    On this episode of This Week in Linux, we’re going to try something different with the show. Let me know what you think of the changes. This episode is completely stacked with exciting news, we’ve got a ton of Distro News from Ubuntu, openSUSE, Linux Mint, SystemRescue, IPFire, and even Linux From Scratch. A vulnerability was found in GRUB 2 that lets someone bypass Secure Boot so we’ll talk about that and just how bad is it? The EU announced some great news related to Right to Repair. Valve has announced that Steam Link is now available on Linux and it’s a real game changer. We’ve also got some media production news to check out this week from Blender, Ardour and a new synthesizer called Vital. All that and much more on Your Weekly Source for Linux GNews!

Hands-On with Raspup on Raspberry Pi 4: Puppy Linux for Tinkerers

If you never heard of Raspup before, let me tell you that it’s a Debian-based GNU/Linux distribution built from the Woof-CE build system that was originally developed by Barry Kauler, the creator of Puppy Linux, and binary compatible with Raspbian (the official Raspberry Pi OS). As such, Raspup is a Puppy Linux port for Raspberry Pi. Raspup was created by Michael Amadio and it’s designed to run on ARMv7l hardware, specifically on the Raspberry Pi Zero, Raspberry Pi 1, Raspberry Pi 2, Raspberry Pi 3, Raspberry Pi 3+, and Raspberry Pi 4 single-board computers (SBCs). Read more